Entrepreneurs try flying the Security Tokens plane while the plane is still being built

This post, the 3rd in a series of 4, is written by Sheldon Freedman, a fintech and funds lawyer at Hassans in Gibraltar. Click here for last week’s post in this series

Editors note: the question of jurisdiction is in many entrepreneurs’ minds as we read headlines such as “SEC Charges EtherDelta Founder Over ‘Unregistered Securities Exchange”. Entrepreneurs (and the incumbents thinking about how to disrupt before being disrupted) know that timing matters and that Security Tokens are coming. They also know that flying the Security Tokens plane while the plane is still being built is scary and dangerous.

A security token is issued digitally on the blockchain, backed by tangible assets such as shares in a company, real estate or rights to cash flows. Security tokens are digital assets subject to securities regulation, with compliance required in the issuer jurisdictions as well as in investor jurisdictions – from initial offering by the issuer to all secondary trades among investors.The path to issuing a security token is a long, uncertain, innovative process with advisors, lawyers, exchanges, platforms and regulators, as issuers are breaking into new regulatory territory, applying conventional securities laws to revolutionary security tokens. The regulatory situation currently is confusing because the incipient security token ecosystem is evolving. Regulators who are trying to find their way lack experience, with no model example to look to.

Editors note: in law, precedence is everything. It is very tough to be guided by precedence when everything is changing as something totally new and disruptive such as Blockchain appears.

The task of securities regulators is well known to facilitate the orderly, productive functioning of securities markets and to protect investors with fairness practices, disclosure and qualification thresholds. However, with the advent of electronic financial systems, global finance has become comprehensively regulated by laws and procedures pertaining to anti-money laundering, sanctions and anti-terrorist funding.

Editors note: some might see regulation as designed to protect consumers/retail investors. That is what it says on the tin. Some might cynically say regulators have been captured by incumbents who seek protection from disruptive new entrants (i.e. that regulation is designed to prevent innovation). Sheldon points to the concern of regulators – anti-money laundering, sanctions and anti-terrorist funding.

To appreciate the sheer comprehensiveness of this regulation, one need only remember one example – the experience of banking organization HBSC, which this writer represented as counsel. Originally known in 1865 as “The Hongkong and Shanghai Bank”, HSBC Holdings plc is today the largest bank in Europe, a global roll-up of banks headquartered in London.Operating out of 3,900 offices in 67 countries, HBSC is the world’s 17th-largest public company, with the Americas, Asia Pacific and Europe each representing approximately one-third of its business. HSBC is the largest bank in Hong Kong and prints most of Hong Kong’s local currency in its own name. HSBC has frequently been named the world’s most valuable banking brand by industry rankers.

In the early 2000’s, as HBSC and other major institutions embarked on sprees of acquisitions of valuable global banking businesses, compliance with the relatively new anti-money laundering laws was not primarily on the minds of acquirers, who were in fact acquiring regulatory liabilities with businesses they were acquiring.In 2012 HSBC was the subject of anti-money laundering enforcement hearings in the United States Senate Permanent Subcommittee on Investigations. HBSC was investigated for deficiencies in its anti-money laundering practices, which gave HBSC a permanent hangover from years of acquisition partying. The Senate subcommittee found HSBC had transferred $7 billion in drug crime-related funds from its Mexican to its US subsidiary, was disregarding terrorist financing linksand was circumventing U.S. safeguards to block transactions involving terrorists, drug lords and rogue regimes. In one instance, “two HSBC affiliates sent nearly 25,000 transactions involving $19.4 billion through HBSC’s U.S. affiliate accounts without disclosing the transactions’ links to Iran. The Justice Department charged, “HBSC officials repeatedly ignored internal warnings that its monitoring systems were inadequate”, exposing the U.S. financial system to “a wide array of money laundering, drug trafficking, and terrorist financing.”

The Senate subcommittee also found HBSC provided financing and services to banks in Saudi Arabia and Bangladesh that were tied to terrorist organizations, while also clearing $290 million in “obviously suspicious travelers cheques” that benefitted Russians “who claimed to be in the used car business.”

Furthermore, the investigation showed how the bank’s regulator, the Office of the Comptroller of the Currency (OCC) failed to take a single enforcement action against HSBC despite numerous violations by the international bank. Among them, failing to monitor $60 trillion in wire transfer and account activity, a backlog of 17,000 unreviewed account alerts regarding potentially suspicious activity, and a failure to conduct anti-money laundering due diligence before opening accounts for HSBC affiliates.

Editor’s note: incumbents, thinking about how to disrupt before being disrupted, are even more nervous than entrepreneurs about falling foul of regulators. Banks are licensed by governments. Having that license taken away is an existential threat.

Dozens of countries now adhere to their own anti-money laundering directives, and are additionally obligated by muscular international instruments and standards deploying sophisticated IT systems for anti-money laundering data collection and analysis, such as United Nations conventions against narcotic drug trafficking, organized crime and corruption, and FATF (the Financial Action Task Force on Money Laundering) formed by the G7 countries.

Editors note: in an era of increasing protectionism and nationalism, expect these regulators to get tougher. I will carbon date myself by saying I have an old passport, pre-Thatcher era, which has a stamp in it saying that I was approved by the Bank of England to take GBP50 out of the country. That story won’t sound so strange to our subscribers in China or India or other countries with exchange controls.

Due to the stigma that has attached to a stampede of low quality ICOs to date (most ICOs have been cryptocurrencies), there is an apparent emerging convention to term the issuance of security tokens “STOs” to distinguish issuances of security tokens from issuances of cryptocurrencies and utility tokens.

Jurisdictions regulate STOs under their existing securities regimes, which are not sufficiently comprehensive or evolved to provide clarity to issuers, investors and regulators.Innovation and improvisation are now the domain of intrepid issuers aiming to fashion a regulatory path with regulators, or to stealthily rely on existing exemptions.Prof. Bhaskar Krishnamachari of the University of Southern California observes: “We are flying an airplane while we are still building it”.

Editors note: entrepreneurs seeking to seize the day with early-mover advantage want to know whether the plane lacks seat-back entertainment (boring but safe) or lacks hydraulics (will crash unless pilot is really good and a bit lucky). The short answer is a) all startups have risk b) get good navigators to minimise that risk.

The US Securities and Exchange Commission (SEC), recognized global leader in securities regulation, has not offered anything regarding security tokens.Security token issuers are attempting to effect conventional registrations with the SEC or to rely on Reg D exemptions and new crowdfunding provisions. It is not surprising the SEC has been slow to act.A large organization with six independent divisions and 25 offices, sharing financial regulation with several other US agencies (CFTC, FINCEN, IRS, state regulators, etc), the SEC simply has not yet addressed security token offering regulation.However, the SEC recently announced on October 18 the establishment of The FinHub, the SEC’s Strategic Hub for Innovation and Financial Technology tasked to address new distributed ledger-enabled securities. The FinHub replaces and builds on the work of several internal SEC working groups and is intended to serve as a resource for public engagement on the SEC’s FinTech-related issues and initiatives, including STOs.

The FinHub will be staffed by top industry experts, led by Valerie A. Szczepanik, Senior Advisor for Digital Assets and Innovation and Associate Director in the SEC’s Division of Corporation Finance.

The current situation is confusing and the ecosystem itself is evolving. Jurisdictions are trying to find their way, while there is no example to look to.

A small number of STOs are taking place in USA, such as:

Indiegogo – shares in Colorado resort (Aspen Coin)

Spin – electric scooter offering 125 million for investors to share in revenue

Blackmoon Financial Group -security token which tracks its lending fund

In the EU, similar to USA, STO issuers are seeking registrations and relying on conventional exemptions.In the EU, exemption may be available for offerings of less than 1mm Euro per year, offerings to less than 150 people per member state, and to qualified sophisticated investors.

A UK example of a current STO is The Elephant (tokenized private equity platform).

A small number of STO’s are taking place in light-touch regulatory jurisdictions, such as Switzerland and Singapore, but these are smaller markets and their rules are not widely accepted by major countries.Examples of STOs being carried out in Switzerland:

An STO example in Lithuania is security tokens representing equity in Desico (which is building a financial asset marketplace)

Surprisingly absent in security tokens is South Korea. Despite being innovators in so many areas of blockchain, South Korean regulators currently seem more focused cracking down on bad ICOs than enabling compliant STOs.

Editor’s note: the Etherum ICO in 2014 was the Napster moment for the Securities business. Napster was free and illegal. Then in 2017, entrepreneurs went for the ICO gold rush, using the Ethereum platform. Like with Napster, the regulators cracked down. But market demand finds a way to leverage disruptive technology. The STO market awaits something like iTunes or Spotify – cheap (not free) and legal. It hears the music and wants to buy it.